Setting up PostgreSQL for a higher-security PHP connection.
Case:
We want to connect to a PostgreSQL database using the username and password supplied by the web user at login time.
Fact (Linux):
Apache (perhaps other servers, too) runs the server as (by default) the apache user account. So if you connect to PostgreSQL using the default user, apache will be assigned for it. If you hard-code the user and password in your PHP script, you'll lose the security restrictions from PostgreSQL.
Solution:
(You are assumed to have enough privilege to do these things, though)
1. Edit pg_hba.conf to have a line like the one below:
host db_Name [web_server_ip_address] [ip_address_mask] md5
2. Add to your script a login page that submits the username and password.
3. Use that information to log in to PostgreSQL like this:
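<?php
// Escape backslashes and single quotes so the submitted values
// cannot add their own parameters to the connection string.
$user = addcslashes($_POST['dbUsername'], "'\\");
$pass = addcslashes($_POST['dbPassword'], "'\\");
$conn = "host=$DBHost port=$DBPort dbname=$DBName ".
"user='$user' password='$pass'";
$db = pg_connect ($conn);
if ($db === false) exit('Login failed.');
// [your other code goes here...]
?>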
4. You must add users in PostgreSQL properly.
5. For your convenience, you can store the username and password in the $_SESSION variable.
Good luck.
Anis WN
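
The login flow from steps 2 to 5, written out in full as an added example that is not part of the original note. The helper names conninfo_quote() and db_login() and the $DBHost/$DBPort/$DBName values are assumptions; the form field names follow the snippet above.

```php
<?php
// Added example, not code from the original note. conninfo_quote(),
// db_login() and the $DB* values below are assumed names/settings.

// Quote a value for a libpq connection string. Inside single quotes libpq
// treats \' and \\ as escapes, so both characters must be backslash-escaped;
// otherwise a submitted name like  x' host='10.0.0.9  adds its own parameters.
function conninfo_quote(string $value): string
{
    return "'" . addcslashes($value, "'\\") . "'";
}

// Returns a connection on success, false when the login is rejected.
function db_login(string $user, string $pass)
{
    global $DBHost, $DBPort, $DBName;
    if ($user === '' || strpos($user . $pass, "\0") !== false) {
        return false;                             // empty name or NUL byte
    }
    $conn = 'host=' . conninfo_quote($DBHost) . ' port=' . (int) $DBPort
          . ' dbname=' . conninfo_quote($DBName)
          . ' user=' . conninfo_quote($user)
          . ' password=' . conninfo_quote($pass);
    return @pg_connect($conn);   // @: keep libpq error text out of the page
}

$DBHost = '127.0.0.1'; $DBPort = 5432; $DBName = 'db_Name';  // constructed settings
session_start(['cookie_httponly' => true, 'cookie_samesite' => 'Strict']);

$db = false;
if (isset($_POST['dbUsername'], $_POST['dbPassword'])
    && is_string($_POST['dbUsername']) && is_string($_POST['dbPassword'])) {
    $db = db_login($_POST['dbUsername'], $_POST['dbPassword']);
    if ($db !== false) {
        session_regenerate_id(true);              // new session id after login
        // Step 5: the password sits in server-side session storage in clear,
        // so that storage must be readable by the web server account only.
        $_SESSION['dbUsername'] = $_POST['dbUsername'];
        $_SESSION['dbPassword'] = $_POST['dbPassword'];
    }
} elseif (isset($_SESSION['dbUsername'], $_SESSION['dbPassword'])) {
    $db = db_login($_SESSION['dbUsername'], $_SESSION['dbPassword']);
}

if ($db === false) {
    http_response_code(401);
    exit('Login failed.');                        // same message for every failure
}
// Queries on $db now run with the logged-in PostgreSQL user's privileges.
$row = pg_fetch_row(pg_query($db, 'SELECT current_user'));
echo 'Connected as ', htmlspecialchars($row[0]);
```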